[PR #3230] Bump the prod-minor-updates group across 1 directory with 9 updates #29075

Open
opened 2026-06-11 00:45:51 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/3230
Author: @dependabot[bot]
Created: 6/8/2026
Status: 🔄 Open

Base: mainHead: dependabot/npm_and_yarn/prod-minor-updates-a08bf916a0


📝 Commits (1)

  • c2180f8 Bump the prod-minor-updates group across 1 directory with 9 updates

📊 Changes

2 files changed (+1277 additions, -603 deletions)

View changed files

📝 package-lock.json (+1268 -594)
📝 package.json (+9 -9)

📄 Description

Bumps the prod-minor-updates group with 9 updates in the / directory:

Package From To
@aws-sdk/client-s3 3.1056.0 3.1066.0
@radix-ui/react-radio-group 1.3.8 1.4.0
@radix-ui/react-select 2.2.6 2.3.0
@radix-ui/react-switch 1.2.6 1.3.0
@tanstack/react-query 5.100.14 5.101.0
axios 1.16.1 1.17.0
js-yaml 4.1.1 4.2.0
posthog-node 5.35.6 5.36.15
react-hook-form 7.76.1 7.78.0

Updates @aws-sdk/client-s3 from 3.1056.0 to 3.1066.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1066.0

3.1066.0(2026-06-10)

New Features
  • client-amp: Adds supports for out-of-order sample ingestion (default 1-minute window) and a configurable rule query offset to reduce data loss and improve alerting accuracy. (7c5a6413)
  • client-medialive: Adding premixer settings to pid and track audio inputs in MediaLIve to allow greater control over mixing audio from multiple source streams including support for AudioPidSelectors made up of multiple audio PIDs. (82f4fa6a)
  • client-ec2: This release adds support for AMI Watermark which a structured identifier that helps in tracking AMI provenance (e4a7c0b8)
  • client-signin: AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses. (7ac0cf5f)
  • client-ecs: Amazon ECS Managed Daemon task definitions now support pidMode and ipcMode parameters. Set shared to allow daemons to share PID or IPC namespaces with co-located tasks on Managed Instances, enabling process tracing and shared memory communication. (4a88904d)
  • client-lightsail: This release adds support for Asia Pacific (Hong Kong) (ap-east-1), Europe (Spain) (eu-south-2) and South America (Sao Paulo) (sa-east-1) Regions. (2d21213a)
  • client-sagemaker: Add support for G6e instances (ml.g6e.xlarge through ml.g6e.48xlarge) on Amazon SageMaker Notebook Instances. (1f9aaa5b)
  • client-connecthealth: Add support for MedicalScribeBinaryAudioEvent in the Medical Scribe streaming input. This new event type lets you send audio as a raw binary payload instead of a base64-encoded value (b53e6271)
  • undici-http-handler: re-export '@​smithy/undici-http-handler' (#8093) (7a1992b0)
Tests

For list of updated packages, view updated-packages.md in assets-3.1066.0.zip

v3.1065.0

3.1065.0(2026-06-09)

Chores
  • lib-transfer-manager: sort scripts alphabetically (#8087) (0441d8b7)
New Features
  • clients: update client endpoints as of 2026-06-09 (935d71be)
  • client-timestream-write: Adding new BDD representation of endpoint ruleset (45148681)
  • client-cloudwatch: This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (67566cd6)
  • client-marketplace-commerce-analytics: Adding new BDD representation of endpoint ruleset (0adb8bd9)
  • client-bedrock: Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (9acf4f7f)
  • client-odb: Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (fad7009c)
  • client-timestream-query: Adding new BDD representation of endpoint ruleset (878fc723)
  • client-dynamodb-streams: Adding new BDD representation of endpoint ruleset (eeaa7827)
  • client-ec2: Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (6a382a8a)
  • client-bedrock-agentcore: Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (a9c4a0da)
  • client-outposts: Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (bb1279ef)
  • client-iotsitewise: Adding new BDD representation of endpoint ruleset (b9314d4a)
Bug Fixes
  • credential-provider-sso: forward clientConfig to SSO token provider (#8089) (4bacac32)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1066.0 (2026-06-10)

Note: Version bump only for package @​aws-sdk/client-s3

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-s3

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-s3

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-s3

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/client-s3

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1060.0 (2026-06-03)

... (truncated)

Commits

Updates @radix-ui/react-radio-group from 1.3.8 to 1.4.0

Changelog

Sourced from @​radix-ui/react-radio-group's changelog.

1.4.0

  • Added unstable RadioGroupItemProvider, RadioGroupItemTrigger and RadioGroupItemBubbleInput parts. These expose the previously internal composition of a radio item (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The RadioGroupItem component continues to render them by default.
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-radio-group since your current version.


Updates @radix-ui/react-select from 2.2.6 to 2.3.0

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.0

  • Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
  • Added support for presence-based exit animations in Select
  • Fixed Select hidden input so it submits empty string when no value is selected
  • Fixed placeholder rendering when a controlled Select is reset to an empty value
  • Added missing __selectScope prop to PopperContent component
  • Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-select since your current version.


Updates @radix-ui/react-switch from 1.2.6 to 1.3.0

Changelog

Sourced from @​radix-ui/react-switch's changelog.

1.3.0

  • Added unstable Provider, Trigger and BubbleInput parts to Switch. These expose the previously internal composition (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The Switch component continues to render them by default.
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-switch since your current version.


Updates @tanstack/react-query from 5.100.14 to 5.101.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.0

Patch Changes

  • #10857 7cf5923 - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'

  • Updated dependencies []:

    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-persist-client@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.0
    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0
Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0
Commits

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates posthog-node from 5.35.6 to 5.36.15

Release notes

Sourced from posthog-node's releases.

posthog-node@5.36.15

5.36.15

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.32.1

posthog-node@5.36.14

5.36.14

Patch Changes

  • Updated dependencies [612f97a]:
    • @​posthog/core@​1.32.0

posthog-node@5.36.13

5.36.13

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.4

posthog-node@5.36.12

5.36.12

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.3

posthog-node@5.36.11

5.36.11

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.2

posthog-node@5.36.10

5.36.10

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.1

posthog-node@5.36.9

5.36.9

... (truncated)

Changelog

Sourced from posthog-node's changelog.

5.36.15

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.32.1

5.36.14

Patch Changes

  • Updated dependencies [612f97a]:
    • @​posthog/core@​1.32.0

5.36.13

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.4

5.36.12

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.3

5.36.11

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.2

5.36.10

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.31.1

5.36.9

Patch Changes

  • Updated dependencies [0c2acb9]:
    • @​posthog/core@​1.31.0

5.36.8

... (truncated)

Commits
  • defbc62 chore: update versions and lockfile [version bump]
  • 50a666f chore: update versions and lockfile [version bump]
  • f4d4c8b chore: update versions and lockfile [version bump]
  • 8b8b196 chore: update versions and lockfile [version bump]
  • a88dfa1 chore: update versions and lockfile [version bump]
  • a116ad3 chore: update versions and lockfile [version bump]
  • e93fcb1 chore: update versions and lockfile [version bump]
  • 57e4e25 chore: update versions and lockfile [version bump]
  • 65f9a67 chore: update versions and lockfile [version bump]
  • 7820929 refactor: reduce duplicate code found by dry4ts (#3748)
  • Additional commits viewable in compare view

Updates react-hook-form from 7.76.1 to 7.78.0

Release notes

Sourced from react-hook-form's releases.

Version 7.78.0

🦷 update type dirtyFields typing for field arrays with undefined entries (#13492) 🐞 fix: recover Controller fields after reset without rerender (RN issue #13455) (#13497) 🐞 fix useFormState().isDirty race with async resolver in onChange mode (#13495) 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is true (#13485) 🐞 fix deepEqual for empty non-plain objects (#13493)

thanks to @​cyphercodes

Version 7.77.0

🥡 feat: add resetDefaultValues API (#13427)

https://react-hook-form.com/docs/useform/resetdefaultvalues

const { resetDefaultValues } = useForm();

resetDefaultValues(currentValues);

🐚 harden get() against prototype-path traversal (proto / constructor / prototype) (#13479) 🐞 fix FieldArray errors overriding nested fields (#13476) 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (#13473) 🐞 fix: preserve values with shouldUnregister (#13464) 🐞 fix stale isDirty in subscribe payload after reset(..., { keepValues: true }) (#13461) 👝 save bundle size (#13468)

thanks to @​puneetdixit200 & @​dfedoryshchev

Changelog

Sourced from react-hook-form's changelog.

Changelog

[7.77.0] - 2026-05-31

Added

  • resetDefaultValues API

Fixed

  • Stale isDirty in subscribe payload after reset(..., { keepValues: true })
  • Preserve values with shouldUnregister
  • Inconsistent reset({}) behavior requiring double-call to take effect
  • FieldArray errors overriding nested fields

Security

  • Harden get() against prototype-path traversal (__proto__ / constructor / prototype)

Performance

  • Bundle size reduction
Commits
  • 23ab3a7 7.78.0
  • 29fbd7d 🪭 close #13506 add regression test for useFormState
  • b000509 📝 test: fix "allow to" grammar in test descriptions (#13504)
  • 76187c3 🧪 add unit test for regression render submit with useWatch #13035
  • 16c35fb 🫡 add regression coverage for dynamic Controller names with keepDirtyValues/k...
  • 0bd39fa 🐞 fix: recover Controller fields after reset without rerender (RN issue #1345...
  • 6a501e0 🦷 update type dirtyFields typing for field arrays with undefined entries (#13...
  • d681dc5 🐞 fix useFormState().isDirty race with async resolver in onChange mode (#...
  • a9b8a6f 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is t...
  • 686da3f 🐞 fix deepEqual for empty non-plain objects (#13493)
  • Additional commits viewable in compare view


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/3230 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/8/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/prod-minor-updates-a08bf916a0` --- ### 📝 Commits (1) - [`c2180f8`](https://github.com/fosrl/pangolin/commit/c2180f844958d73d4843fadfa6182e93e0ba2ed2) Bump the prod-minor-updates group across 1 directory with 9 updates ### 📊 Changes **2 files changed** (+1277 additions, -603 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+1268 -594) 📝 `package.json` (+9 -9) </details> ### 📄 Description Bumps the prod-minor-updates group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1056.0` | `3.1066.0` | | [@radix-ui/react-radio-group](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/radio-group) | `1.3.8` | `1.4.0` | | [@radix-ui/react-select](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/select) | `2.2.6` | `2.3.0` | | [@radix-ui/react-switch](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/switch) | `1.2.6` | `1.3.0` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.14` | `5.101.0` | | [axios](https://github.com/axios/axios) | `1.16.1` | `1.17.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.35.6` | `5.36.15` | | [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.76.1` | `7.78.0` | Updates `@aws-sdk/client-s3` from 3.1056.0 to 3.1066.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-sdk-js-v3/releases">@​aws-sdk/client-s3's releases</a>.</em></p> <blockquote> <h2>v3.1066.0</h2> <h4>3.1066.0(2026-06-10)</h4> <h5>New Features</h5> <ul> <li><strong>client-amp:</strong> Adds supports for out-of-order sample ingestion (default 1-minute window) and a configurable rule query offset to reduce data loss and improve alerting accuracy. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/7c5a6413fe3786fc2f31d20c8a2d54783514e4fd">7c5a6413</a>)</li> <li><strong>client-medialive:</strong> Adding premixer settings to pid and track audio inputs in MediaLIve to allow greater control over mixing audio from multiple source streams including support for AudioPidSelectors made up of multiple audio PIDs. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/82f4fa6a5d267d9078c2b90ef4fe589ff3db241a">82f4fa6a</a>)</li> <li><strong>client-ec2:</strong> This release adds support for AMI Watermark which a structured identifier that helps in tracking AMI provenance (<a href="https://github.com/aws/aws-sdk-js-v3/commit/e4a7c0b84264e82677ed15f2e9267118cf16b0c5">e4a7c0b8</a>)</li> <li><strong>client-signin:</strong> AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/7ac0cf5ffcd6864f67affa5471fc2af16874df4e">7ac0cf5f</a>)</li> <li><strong>client-ecs:</strong> Amazon ECS Managed Daemon task definitions now support pidMode and ipcMode parameters. Set shared to allow daemons to share PID or IPC namespaces with co-located tasks on Managed Instances, enabling process tracing and shared memory communication. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/4a88904d67e2b9293a9352218615cd7566338757">4a88904d</a>)</li> <li><strong>client-lightsail:</strong> This release adds support for Asia Pacific (Hong Kong) (ap-east-1), Europe (Spain) (eu-south-2) and South America (Sao Paulo) (sa-east-1) Regions. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/2d21213a040099efb4265d25f3c881fdcd2a51f4">2d21213a</a>)</li> <li><strong>client-sagemaker:</strong> Add support for G6e instances (ml.g6e.xlarge through ml.g6e.48xlarge) on Amazon SageMaker Notebook Instances. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/1f9aaa5b6b507edf9e2838414d588f539395ffde">1f9aaa5b</a>)</li> <li><strong>client-connecthealth:</strong> Add support for MedicalScribeBinaryAudioEvent in the Medical Scribe streaming input. This new event type lets you send audio as a raw binary payload instead of a base64-encoded value (<a href="https://github.com/aws/aws-sdk-js-v3/commit/b53e62719c52a2231a3d00a3db77012048e2e189">b53e6271</a>)</li> <li><strong>undici-http-handler:</strong> re-export '<code>@​smithy/undici-http-handler</code>' (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8093">#8093</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/7a1992b089765dbe035fbcd15822af7f6a898523">7a1992b0</a>)</li> </ul> <h5>Tests</h5> <ul> <li><strong>client-iam:</strong> update hook time out (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8094">#8094</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/8c4cdea5c45acdb8eb68db4579ce8704445cf5e9">8c4cdea5</a>)</li> <li>use crypto.randomUUID for resource names in e2e tests (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8091">#8091</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/e4ef6c57d8fd97d15e0a7a27a24396990d704307">e4ef6c57</a>)</li> </ul> <hr /> <p>For list of updated packages, view <strong>updated-packages.md</strong> in <strong>assets-3.1066.0.zip</strong></p> <h2>v3.1065.0</h2> <h4>3.1065.0(2026-06-09)</h4> <h5>Chores</h5> <ul> <li><strong>lib-transfer-manager:</strong> sort scripts alphabetically (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8087">#8087</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/0441d8b754e75b86959a45240541d2665610885b">0441d8b7</a>)</li> </ul> <h5>New Features</h5> <ul> <li><strong>clients:</strong> update client endpoints as of 2026-06-09 (<a href="https://github.com/aws/aws-sdk-js-v3/commit/935d71be412b58187acbaa20fbc3f8e1003f9a73">935d71be</a>)</li> <li><strong>client-timestream-write:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/45148681a66afe8e7bbf6a3845eb86c1bf3c2d1a">45148681</a>)</li> <li><strong>client-cloudwatch:</strong> This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/67566cd62dec418034287e32dea4e2e88fc803e5">67566cd6</a>)</li> <li><strong>client-marketplace-commerce-analytics:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/0adb8bd9484bbf97b40554fa13dc26fa1a5b2001">0adb8bd9</a>)</li> <li><strong>client-bedrock:</strong> Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/9acf4f7fb1df00c72c671a372e8712de0c98c0c5">9acf4f7f</a>)</li> <li><strong>client-odb:</strong> Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/fad7009ced5a19c5953633ad1530c58c8d874046">fad7009c</a>)</li> <li><strong>client-timestream-query:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/878fc723bc8d77161255f8b3c12aa5cb14e9382f">878fc723</a>)</li> <li><strong>client-dynamodb-streams:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/eeaa78277d41ca386013742e00281928b97b26ae">eeaa7827</a>)</li> <li><strong>client-ec2:</strong> Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/6a382a8a858c47a3304b80ac242882d2f1073f26">6a382a8a</a>)</li> <li><strong>client-bedrock-agentcore:</strong> Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/a9c4a0dac49fd624896af7d0c38950f39328df63">a9c4a0da</a>)</li> <li><strong>client-outposts:</strong> Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/bb1279eff5d814bc9795836dfc2b9d47f75bf6b5">bb1279ef</a>)</li> <li><strong>client-iotsitewise:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/b9314d4a457e338d7975076f1b7923fea4febbdd">b9314d4a</a>)</li> </ul> <h5>Bug Fixes</h5> <ul> <li><strong>credential-provider-sso:</strong> forward clientConfig to SSO token provider (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8089">#8089</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/4bacac32fc593bd47a48501504575cf15eaffaba">4bacac32</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md">@​aws-sdk/client-s3's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1065.0...v3.1066.0">3.1066.0</a> (2026-06-10)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1064.0...v3.1065.0">3.1065.0</a> (2026-06-09)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1063.0...v3.1064.0">3.1064.0</a> (2026-06-08)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1062.0...v3.1063.0">3.1063.0</a> (2026-06-05)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1061.0...v3.1062.0">3.1062.0</a> (2026-06-04)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1060.0...v3.1061.0">3.1061.0</a> (2026-06-03)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1059.0...v3.1060.0">3.1060.0</a> (2026-06-03)</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/4b11912aef8adc845f81b7e9922bd180c5cf1d90"><code>4b11912</code></a> Publish v3.1066.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/e4ef6c57d8fd97d15e0a7a27a24396990d704307"><code>e4ef6c5</code></a> test: use crypto.randomUUID for resource names in e2e tests (<a href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/8091">#8091</a>)</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/62daf07c545b1fbac5753c554e2c8298ae6b820f"><code>62daf07</code></a> Publish v3.1065.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/bac71756a62d28fb08dce3e219176b365118eae4"><code>bac7175</code></a> Publish v3.1064.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/86792c5e3b9c0b697161a5a14ef119153d1c17f5"><code>86792c5</code></a> chore(scripts): update pkg json linting (<a href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/8082">#8082</a>)</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/85dabf4ef0c81d9db5405c483b3bfbd2126075d4"><code>85dabf4</code></a> Publish v3.1063.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/9bd1a86b9bec0f69c58dcfdda481c9e1797dd73f"><code>9bd1a86</code></a> chore: update author URL in package.json (<a href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/8080">#8080</a>)</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/f5235bbaa2e234435fed935ae69df09b33149d0c"><code>f5235bb</code></a> Publish v3.1062.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/291ad3664d63b413e6c9631ac0a833e5819ceeaa"><code>291ad36</code></a> chore(scripts): include generated packages when validating declared imports 1...</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/71df2cc54f319fdbd1a6cd82b0317dbb65b386a7"><code>71df2cc</code></a> Publish v3.1061.0</li> <li>Additional commits viewable in <a href="https://github.com/aws/aws-sdk-js-v3/commits/v3.1066.0/clients/client-s3">compare view</a></li> </ul> </details> <br /> Updates `@radix-ui/react-radio-group` from 1.3.8 to 1.4.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/radix-ui/primitives/blob/main/packages/react/radio-group/CHANGELOG.md">@​radix-ui/react-radio-group's changelog</a>.</em></p> <blockquote> <h2>1.4.0</h2> <ul> <li>Added unstable <code>RadioGroupItemProvider</code>, <code>RadioGroupItemTrigger</code> and <code>RadioGroupItemBubbleInput</code> parts. These expose the previously internal composition of a radio item (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The <code>RadioGroupItem</code> component continues to render them by default.</li> <li>Added repository.directory to all package.json files</li> <li>Updated dependencies: <code>@radix-ui/react-presence@1.1.6</code>, <code>@radix-ui/react-direction@1.1.2</code>, <code>@radix-ui/primitive@1.1.4</code>, <code>@radix-ui/react-compose-refs@1.1.3</code>, <code>@radix-ui/react-context@1.1.4</code>, <code>@radix-ui/react-primitive@2.1.5</code>, <code>@radix-ui/react-roving-focus@1.1.12</code>, <code>@radix-ui/react-use-controllable-state@1.2.3</code>, <code>@radix-ui/react-use-previous@1.1.2</code>, <code>@radix-ui/react-use-size@1.1.2</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/radix-ui/primitives/commits/HEAD/packages/react/radio-group">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@​radix-ui/react-radio-group</code> since your current version.</p> </details> <br /> Updates `@radix-ui/react-select` from 2.2.6 to 2.3.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/radix-ui/primitives/blob/main/packages/react/select/CHANGELOG.md">@​radix-ui/react-select's changelog</a>.</em></p> <blockquote> <h2>2.3.0</h2> <ul> <li>Added unstable <code>Provider</code> and <code>BubbleInput</code> parts to Select. <code>Select.unstable_Provider</code> sets up Select's context and state without implicitly rendering the hidden native <code>select</code>, and <code>Select.unstable_BubbleInput</code> exposes that previously internal native <code>select</code> so consumers can recompose it explicitly. <code>Select</code> continues to render both by default.</li> <li>Added support for presence-based exit animations in Select</li> <li>Fixed Select hidden input so it submits empty string when no value is selected</li> <li>Fixed placeholder rendering when a controlled Select is reset to an empty value</li> <li>Added missing <code>__selectScope</code> prop to <code>PopperContent</code> component</li> <li>Fixed <code>Select</code> closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM</li> <li>Fixed a bug where iOS text selection and editing on HTML inputs within <code>react-dialog</code> were broken</li> <li>Fixed triggers referencing a non-existent element via <code>aria-controls</code> when their content is removed from the DOM (credit to <a href="https://github.com/dodomorandi"><code>@​dodomorandi</code></a> for the <a href="https://redirect.github.com/radix-ui/primitives/pull/3243">original PR</a>)</li> <li>Fixed <code>SelectValue</code> logging invalid prop errors when used with both <code>asChild</code> and a placeholder</li> <li>Added repository.directory to all package.json files</li> <li>Updated dependencies: <code>@radix-ui/react-presence@1.1.6</code>, <code>@radix-ui/react-popper@1.3.0</code>, <code>@radix-ui/react-slot@1.2.5</code>, <code>@radix-ui/react-focus-guards@1.1.4</code>, <code>@radix-ui/react-dismissable-layer@1.1.12</code>, <code>@radix-ui/react-collection@1.1.9</code>, <code>@radix-ui/react-direction@1.1.2</code>, <code>@radix-ui/number@1.1.2</code>, <code>@radix-ui/primitive@1.1.4</code>, <code>@radix-ui/react-compose-refs@1.1.3</code>, <code>@radix-ui/react-context@1.1.4</code>, <code>@radix-ui/react-focus-scope@1.1.9</code>, <code>@radix-ui/react-id@1.1.2</code>, <code>@radix-ui/react-portal@1.1.11</code>, <code>@radix-ui/react-primitive@2.1.5</code>, <code>@radix-ui/react-use-callback-ref@1.1.2</code>, <code>@radix-ui/react-use-controllable-state@1.2.3</code>, <code>@radix-ui/react-use-layout-effect@1.1.2</code>, <code>@radix-ui/react-use-previous@1.1.2</code>, <code>@radix-ui/react-visually-hidden@1.2.5</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/radix-ui/primitives/commits/HEAD/packages/react/select">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@​radix-ui/react-select</code> since your current version.</p> </details> <br /> Updates `@radix-ui/react-switch` from 1.2.6 to 1.3.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/radix-ui/primitives/blob/main/packages/react/switch/CHANGELOG.md">@​radix-ui/react-switch's changelog</a>.</em></p> <blockquote> <h2>1.3.0</h2> <ul> <li>Added unstable <code>Provider</code>, <code>Trigger</code> and <code>BubbleInput</code> parts to Switch. These expose the previously internal composition (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The <code>Switch</code> component continues to render them by default.</li> <li>Added repository.directory to all package.json files</li> <li>Updated dependencies: <code>@radix-ui/primitive@1.1.4</code>, <code>@radix-ui/react-compose-refs@1.1.3</code>, <code>@radix-ui/react-context@1.1.4</code>, <code>@radix-ui/react-primitive@2.1.5</code>, <code>@radix-ui/react-use-controllable-state@1.2.3</code>, <code>@radix-ui/react-use-previous@1.1.2</code>, <code>@radix-ui/react-use-size@1.1.2</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/radix-ui/primitives/commits/HEAD/packages/react/switch">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@​radix-ui/react-switch</code> since your current version.</p> </details> <br /> Updates `@tanstack/react-query` from 5.100.14 to 5.101.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/TanStack/query/releases">@​tanstack/react-query's releases</a>.</em></p> <blockquote> <h2><code>@​tanstack/react-query-devtools</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/TanStack/query/commit/3042860e3c8731c94ca4dec0e277e415d0484fce"><code>3042860</code></a>, <a href="https://github.com/TanStack/query/commit/e631dc3fa17bff71f413246b7a770a730016d346"><code>e631dc3</code></a>]: <ul> <li><code>@​tanstack/query-devtools</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> <li><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> <h2><code>@​tanstack/react-query-next-experimental</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/TanStack/query/pull/10857">#10857</a> <a href="https://github.com/TanStack/query/commit/7cf5923308fb91f3eff0fe952d8c64676e2bdad7"><code>7cf5923</code></a> - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'</p> </li> <li> <p>Updated dependencies []:</p> <ul> <li><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> <h2><code>@​tanstack/react-query-persist-client</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​tanstack/query-persist-client-core</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> <li><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> <h2><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​tanstack/query-core</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md">@​tanstack/react-query's changelog</a>.</em></p> <blockquote> <h2>5.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​tanstack/query-core</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/TanStack/query/commit/f3d8d2abbf15bf81ff7575d3be9845d7b402f25a"><code>f3d8d2a</code></a> ci: Version Packages (<a href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10774">#10774</a>)</li> <li><a href="https://github.com/TanStack/query/commit/532bb298fba15e945e69c6ee4edc0c759ff21324"><code>532bb29</code></a> fix(tests): disable local coverage instrumentation (<a href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10776">#10776</a>)</li> <li>See full diff in <a href="https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.0/packages/react-query">compare view</a></li> </ul> </details> <br /> Updates `axios` from 1.16.1 to 1.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.17.0 — June 1, 2026</h2> <p>This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Config Hardening:</strong> Guarded <code>socketPath</code>, <code>params</code>, and <code>paramsSerializer</code> reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong>Release Publishing:</strong> Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (<strong><a href="https://redirect.github.com/axios/axios/issues/10926">#10926</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>HTTP Compression:</strong> Added Node HTTP adapter support for zstd response decompression, with <code>transitional.advertiseZstdAcceptEncoding</code> controlling whether <code>zstd</code> is advertised in <code>Accept-Encoding</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10920">#10920</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Authentication Handling:</strong> Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> <li><strong>Proxy TLS:</strong> Preserved user <code>httpsAgent</code> TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (<strong><a href="https://redirect.github.com/axios/axios/issues/10957">#10957</a></strong>)</li> <li><strong>React Native FormData:</strong> Cleared default <code>Content-Type</code> for React Native <code>FormData</code> so multipart boundaries can be generated correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10898">#10898</a></strong>)</li> <li><strong>Headers:</strong> Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10875">#10875</a></strong>)</li> <li><strong>Request Data Merging:</strong> Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong>Bundler Compatibility:</strong> Converted <code>resolveConfig</code> from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong>Types:</strong> Corrected <code>AxiosHeaders.toJSON()</code> return types and updated CommonJS <code>isCancel</code> typings to narrow to <code>CanceledError&lt;T&gt;</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10956">#10956</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10952">#10952</a></strong>)</li> <li><strong>Build Tooling:</strong> Avoided emitting a null <code>Authorization</code> header from the GitHub build helper when <code>GITHUB_TOKEN</code> is unset. (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> </ul> <h2>🔧 Maintenance &amp; Chores</h2> <ul> <li><strong>HTTP/2 Internals:</strong> Extracted <code>Http2Sessions</code> into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong>Package Publishing:</strong> Reduced published package size by switching to a <code>files</code> allowlist and dropping unneeded unminified bundle source maps. (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong>CI and Release Automation:</strong> Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10907">#10907</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10911">#10911</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10916">#10916</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10927">#10927</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10935">#10935</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10983">#10983</a></strong>)</li> <li><strong>Developer Workflow:</strong> Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10925">#10925</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10914">#10914</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10958">#10958</a></strong>)</li> <li><strong>Documentation and Policy:</strong> Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (<strong><a href="https://redirect.github.com/axios/axios/issues/10890">#10890</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10889">#10889</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10921">#10921</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10945">#10945</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10933">#10933</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10915">#10915</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10887">#10887</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10955">#10955</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, <code>fs-extra</code>, <code>qs</code>, docs dependencies, and GitHub Actions dependencies including <code>actions/dependency-review-action</code> and <code>zizmorcore/zizmor-action</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10871">#10871</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10879">#10879</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10918">#10918</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10919">#10919</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10934">#10934</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10947">#10947</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10954">#10954</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10960">#10960</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/BasixKOR"><code>@​BasixKOR</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>)</li> <li><strong><a href="https://github.com/carladams1299-lab"><code>@​carladams1299-lab</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong><a href="https://github.com/LaplaceYoung"><code>@​LaplaceYoung</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong><a href="https://github.com/JamieMagee"><code>@​JamieMagee</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong><a href="https://github.com/RonGamzu"><code>@​RonGamzu</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>)</li> <li><strong><a href="https://github.com/sapirbaruch"><code>@​sapirbaruch</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong><a href="https://github.com/nezukoagent"><code>@​nezukoagent</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>)</li> <li><strong><a href="https://github.com/devareddy05"><code>@​devareddy05</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>)</li> <li><strong><a href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@​Mohammad-Faiz-Cloud-Engineer</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong><a href="https://github.com/azandabot"><code>@​azandabot</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> <li><strong><a href="https://github.com/niksy"><code>@​niksy</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.1...v1.17.0">Full Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.17.0 — June 1, 2026</h2> <p>This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Config Hardening:</strong> Guarded <code>socketPath</code>, <code>params</code>, and <code>paramsSerializer</code> reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong>Release Publishing:</strong> Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (<strong><a href="https://redirect.github.com/axios/axios/issues/10926">#10926</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>HTTP Compression:</strong> Added Node HTTP adapter support for zstd response decompression, with <code>transitional.advertiseZstdAcceptEncoding</code> controlling whether <code>zstd</code> is advertised in <code>Accept-Encoding</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10920">#10920</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Authentication Handling:</strong> Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> <li><strong>Proxy TLS:</strong> Preserved user <code>httpsAgent</code> TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (<strong><a href="https://redirect.github.com/axios/axios/issues/10957">#10957</a></strong>)</li> <li><strong>React Native FormData:</strong> Cleared default <code>Content-Type</code> for React Native <code>FormData</code> so multipart boundaries can be generated correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10898">#10898</a></strong>)</li> <li><strong>Headers:</strong> Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10875">#10875</a></strong>)</li> <li><strong>Request Data Merging:</strong> Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong>Bundler Compatibility:</strong> Converted <code>resolveConfig</code> from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong>Types:</strong> Corrected <code>AxiosHeaders.toJSON()</code> return types and updated CommonJS <code>isCancel</code> typings to narrow to <code>CanceledError&lt;T&gt;</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10956">#10956</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10952">#10952</a></strong>)</li> <li><strong>Build Tooling:</strong> Avoided emitting a null <code>Authorization</code> header from the GitHub build helper when <code>GITHUB_TOKEN</code> is unset. (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> </ul> <h2>🔧 Maintenance &amp; Chores</h2> <ul> <li><strong>HTTP/2 Internals:</strong> Extracted <code>Http2Sessions</code> into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong>Package Publishing:</strong> Reduced published package size by switching to a <code>files</code> allowlist and dropping unneeded unminified bundle source maps. (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong>CI and Release Automation:</strong> Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10907">#10907</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10911">#10911</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10916">#10916</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10927">#10927</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10935">#10935</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10983">#10983</a></strong>)</li> <li><strong>Developer Workflow:</strong> Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10925">#10925</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10914">#10914</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10958">#10958</a></strong>)</li> <li><strong>Documentation and Policy:</strong> Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (<strong><a href="https://redirect.github.com/axios/axios/issues/10890">#10890</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10889">#10889</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10921">#10921</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10945">#10945</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10933">#10933</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10915">#10915</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10887">#10887</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10955">#10955</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, <code>fs-extra</code>, <code>qs</code>, docs dependencies, and GitHub Actions dependencies including <code>actions/dependency-review-action</code> and <code>zizmorcore/zizmor-action</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10871">#10871</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10879">#10879</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10918">#10918</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10919">#10919</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10934">#10934</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10947">#10947</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10954">#10954</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10960">#10960</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/BasixKOR"><code>@​BasixKOR</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>)</li> <li><strong><a href="https://github.com/carladams1299-lab"><code>@​carladams1299-lab</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong><a href="https://github.com/LaplaceYoung"><code>@​LaplaceYoung</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong><a href="https://github.com/JamieMagee"><code>@​JamieMagee</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong><a href="https://github.com/RonGamzu"><code>@​RonGamzu</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>)</li> <li><strong><a href="https://github.com/sapirbaruch"><code>@​sapirbaruch</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong><a href="https://github.com/nezukoagent"><code>@​nezukoagent</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>)</li> <li><strong><a href="https://github.com/devareddy05"><code>@​devareddy05</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>)</li> <li><strong><a href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@​Mohammad-Faiz-Cloud-Engineer</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong><a href="https://github.com/azandabot"><code>@​azandabot</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> <li><strong><a href="https://github.com/niksy"><code>@​niksy</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.1...v1.17.0">Full Changelog</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/4306df21e84332fc576e98c2de549347c06bfb76"><code>4306df2</code></a> chore: add fun 88 sponsorship</li> <li><a href="https://github.com/axios/axios/commit/931cc8f0106db4c9885403f85364b9e09ae1f6dc"><code>931cc8f</code></a> chore(release): prepare release 1.17.0 (<a href="https://redirect.github.com/axios/axios/issues/10983">#10983</a>)</li> <li><a href="https://github.com/axios/axios/commit/38ba1b3d2b0aa5ada0463a37a548feb83a84dfa1"><code>38ba1b3</code></a> fix(fetch): support basic auth from URL (<a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a>)</li> <li><a href="https://github.com/axios/axios/commit/32e2515f1e09b649723e4acd89d920df13eee77e"><code>32e2515</code></a> fix: replace ternary side effect in script (<a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a>)</li> <li><a href="https://github.com/axios/axios/commit/030e7223831b0f562af3eb7501b24242c8a4c5ba"><code>030e722</code></a> chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (<a href="https://redirect.github.com/axios/axios/issues/10960">#10960</a>)</li> <li><a href="https://github.com/axios/axios/commit/ec63164ac6b7a1fcd6b742a8628d3fffe23ce001"><code>ec63164</code></a> chore: remove openspec (<a href="https://redirect.github.com/axios/axios/issues/10958">#10958</a>)</li> <li><a href="https://github.com/axios/axios/commit/3dec28f94ce29d396d5f2d9718805b47428dc7ab"><code>3dec28f</code></a> fix(http): preserve TLS options for proxy tunnels (<a href="https://redirect.github.com/axios/axios/issues/10957">#10957</a>)</li> <li><a href="https://github.com/axios/axios/commit/a2390a5c059342bcac2a5297728181dd9939f562"><code>a2390a5</code></a> fix: correct isCancel type to narrow to CanceledError&lt;T&gt; (<a href="https://redirect.github.com/axios/axios/issues/10952">#10952</a>)</li> <li><a href="https://github.com/axios/axios/commit/fa01b9255d71e72599826428bc6c60f34994c6ce"><code>fa01b92</code></a> chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (<a href="https://redirect.github.com/axios/axios/issues/10954">#10954</a>)</li> <li><a href="https://github.com/axios/axios/commit/2d2314a1ac29ce6723eb53e130b4a36617fd201c"><code>2d2314a</code></a> fix: AxiosHeaders <code>toJSON()</code> return types (<a href="https://redirect.github.com/axios/axios/issues/10956">#10956</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.16.1...v1.17.0">compare view</a></li> </ul> </details> <br /> Updates `js-yaml` from 4.1.1 to 4.2.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.2.0] - 2026-06-01</h2> <h3>Added</h3> <ul> <li>Added <code>docs/safety.md</code> with notes about processing untrusted YAML.</li> <li>Added <code>maxDepth</code> (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.</li> <li>Added <code>maxMergeSeqLength</code> (20) loader option. Not a problem after <code>merge</code> fix, but an additional restriction for safety.</li> <li>Added sourcemaps to <code>dist/</code> builds.</li> </ul> <h3>Changed</h3> <ul> <li>Stop resolving numbers with underscores as numeric scalars, <a href="https://redirect.github.com/nodeca/js-yaml/issues/627">#627</a>.</li> <li>Switched dev toolchains to Vite / neostandard.</li> <li>Updated demo.</li> <li>Reorganized tests.</li> <li><code>dist/</code> files are no longer kept in the repository.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix parsing of properties on the first implicit block mapping key, <a href="https://redirect.github.com/nodeca/js-yaml/issues/62">#62</a>.</li> <li>Fix trailing whitespace handling when folding flow scalar lines, <a href="https://redirect.github.com/nodeca/js-yaml/issues/307">#307</a>.</li> <li>Reject top-level block scalars without content indentation, <a href="https://redirect.github.com/nodeca/js-yaml/issues/280">#280</a>.</li> <li>Ensure numbers survive round-trip, <a href="https://redirect.github.com/nodeca/js-yaml/issues/737">#737</a>.</li> <li>Fix test coverage for issue <a href="https://redirect.github.com/nodeca/js-yaml/issues/221">#221</a>.</li> <li>Fix flow scalar trailing whitespace folding, <a href="https://redirect.github.com/nodeca/js-yaml/issues/307">#307</a>.</li> <li>Fix digits in YAML named tag handles.</li> </ul> <h3>Security</h3> <ul> <li>Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files &gt; 10K).</li> </ul> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/commits">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.35.6 to 5.36.15 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/releases">posthog-node's releases</a>.</em></p> <blockquote> <h2>posthog-node@5.36.15</h2> <h2>5.36.15</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.32.1</li> </ul> </li> </ul> <h2>posthog-node@5.36.14</h2> <h2>5.36.14</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/612f97adebd3d863602533180ac4bee3f3ed731d"><code>612f97a</code></a>]: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.32.0</li> </ul> </li> </ul> <h2>posthog-node@5.36.13</h2> <h2>5.36.13</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.4</li> </ul> </li> </ul> <h2>posthog-node@5.36.12</h2> <h2>5.36.12</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.3</li> </ul> </li> </ul> <h2>posthog-node@5.36.11</h2> <h2>5.36.11</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.2</li> </ul> </li> </ul> <h2>posthog-node@5.36.10</h2> <h2>5.36.10</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.1</li> </ul> </li> </ul> <h2>posthog-node@5.36.9</h2> <h2>5.36.9</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.36.15</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.32.1</li> </ul> </li> </ul> <h2>5.36.14</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/612f97adebd3d863602533180ac4bee3f3ed731d"><code>612f97a</code></a>]: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.32.0</li> </ul> </li> </ul> <h2>5.36.13</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.4</li> </ul> </li> </ul> <h2>5.36.12</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.3</li> </ul> </li> </ul> <h2>5.36.11</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.2</li> </ul> </li> </ul> <h2>5.36.10</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.1</li> </ul> </li> </ul> <h2>5.36.9</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/0c2acb9f30d545bb89d1f950ba8f840c76e47dc2"><code>0c2acb9</code></a>]: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.31.0</li> </ul> </li> </ul> <h2>5.36.8</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/defbc62fc22d64fe57ee22e0ade43d1758866a76"><code>defbc62</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/50a666fe03ce61b889c335593cade36dacb74270"><code>50a666f</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/f4d4c8b84663c983d67fffe02e284d9496cff5f1"><code>f4d4c8b</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/8b8b196a19bc32e91970212c26a41119c84c2f32"><code>8b8b196</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/a88dfa10e46e797889bb27a4183f5e44f5327bc1"><code>a88dfa1</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/a116ad3c2079570b77c39bacda5750996a12b005"><code>a116ad3</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/e93fcb168f0dfc546385a2633aaf968b6724f480"><code>e93fcb1</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/57e4e256629e84233fad942ba4c95392c1b60285"><code>57e4e25</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/65f9a67a264366a69bf24eaf8d3d283e2dbd23e0"><code>65f9a67</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/78209299874f932e55b0050d3b891f5c8dbd66a6"><code>7820929</code></a> refactor: reduce duplicate code found by dry4ts (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3748">#3748</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.36.15/packages/node">compare view</a></li> </ul> </details> <br /> Updates `react-hook-form` from 7.76.1 to 7.78.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/react-hook-form/react-hook-form/releases">react-hook-form's releases</a>.</em></p> <blockquote> <h2>Version 7.78.0</h2> <p>🦷 update type dirtyFields typing for field arrays with undefined entries (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13492">#13492</a>) 🐞 fix: recover Controller fields after reset without rerender (RN issue <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13455">#13455</a>) (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13497">#13497</a>) 🐞 fix useFormState().isDirty race with async resolver in onChange mode (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13495">#13495</a>) 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is true (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13485">#13485</a>) 🐞 fix deepEqual for empty non-plain objects (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13493">#13493</a>)</p> <p>thanks to <a href="https://github.com/cyphercodes"><code>@​cyphercodes</code></a></p> <h2>Version 7.77.0</h2> <p>🥡 feat: add resetDefaultValues API (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13427">#13427</a>)</p> <p><a href="https://react-hook-form.com/docs/useform/resetdefaultvalues">https://react-hook-form.com/docs/useform/resetdefaultvalues</a></p> <pre lang="tsx"><code>const { resetDefaultValues } = useForm(); <p>resetDefaultValues(currentValues); </code></pre></p> <p>🐚 harden get() against prototype-path traversal (<strong>proto</strong> / constructor / prototype) (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13479">#13479</a>) 🐞 fix FieldArray errors overriding nested fields (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13476">#13476</a>) 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13473">#13473</a>) 🐞 fix: preserve values with shouldUnregister (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13464">#13464</a>) 🐞 fix stale isDirty in subscribe payload after reset(..., { keepValues: true }) (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13461">#13461</a>) 👝 save bundle size (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13468">#13468</a>)</p> <p>thanks to <a href="https://github.com/puneetdixit200"><code>@​puneetdixit200</code></a> &amp; <a href="https://github.com/dfedoryshchev"><code>@​dfedoryshchev</code></a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md">react-hook-form's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>[7.77.0] - 2026-05-31</h2> <h3>Added</h3> <ul> <li><code>resetDefaultValues</code> API</li> </ul> <h3>Fixed</h3> <ul> <li>Stale <code>isDirty</code> in <code>subscribe</code> payload after <code>reset(..., { keepValues: true })</code></li> <li>Preserve values with <code>shouldUnregister</code></li> <li>Inconsistent <code>reset({})</code> behavior requiring double-call to take effect</li> <li><code>FieldArray</code> errors overriding nested fields</li> </ul> <h3>Security</h3> <ul> <li>Harden <code>get()</code> against prototype-path traversal (<code>__proto__</code> / <code>constructor</code> / <code>prototype</code>)</li> </ul> <h3>Performance</h3> <ul> <li>Bundle size reduction</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/23ab3a7b9f3c46af17d62bdedd0f9101684ebfa7"><code>23ab3a7</code></a> 7.78.0</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/29fbd7dd35f0ee443c24dd442d7c87a48fd34918"><code>29fbd7d</code></a> 🪭 close <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13506">#13506</a> add regression test for useFormState</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/b0005091e3c160af1cf505d8a8de5e0202f9794b"><code>b000509</code></a> 📝 test: fix &quot;allow to&quot; grammar in test descriptions (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13504">#13504</a>)</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/76187c308a3266cd58401bb895a514149abec586"><code>76187c3</code></a> 🧪 add unit test for regression render submit with useWatch <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13035">#13035</a></li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/16c35fbe83b4d24391fda375ac193c8aa0b47912"><code>16c35fb</code></a> 🫡 add regression coverage for dynamic Controller names with keepDirtyValues/k...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/0bd39fa25cc20f69fc8fdb10241102016aaf20c0"><code>0bd39fa</code></a> 🐞 fix: recover Controller fields after reset without rerender (RN issue <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/1345">#1345</a>...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/6a501e04c533831d0e98a7315447fc995e509559"><code>6a501e0</code></a> 🦷 update type dirtyFields typing for field arrays with undefined entries (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13">#13</a>...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/d681dc57a84fa037a4bfda5b4094bebc8f71cfed"><code>d681dc5</code></a> 🐞 fix <code>useFormState().isDirty</code> race with async resolver in <code>onChange</code> mode (#...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/a9b8a6fb919c7ec9e0ea671b64712e1c39fc9f15"><code>a9b8a6f</code></a> 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is t...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/686da3f73d59ed94c7e112f82023aed9786fe0df"><code>686da3f</code></a> 🐞 fix deepEqual for empty non-plain objects (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13493">#13493</a>)</li> <li>Additional commits viewable in <a href="https://github.com/react-hook-form/react-hook-form/compare/v7.76.1...v7.78.0">compare view</a></li> </ul> </details> <br /> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-11 00:45:51 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#29075